fw sam_policy
Description
Manages the Suspicious Activity Policy editor that works with these types of rules:
-
Suspicious Activity Monitoring (SAM) rules.
See sk112061: How to create and view Suspicious Activity Monitoring (SAM) Rules.
-
Rate Limiting rules.
See sk112454: How to configure Rate Limiting rules for DoS Mitigation.
Also, see these commands:
|
Notes:
|
|
Important:
|
|
Best Practice - The SAM Policy rules consume some CPU resources on Security Gateway. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk. |
Syntax for IPv4
|
|
Syntax for IPv6
|
|
Parameters
Parameter |
Description |
||
---|---|---|---|
|
Runs the command in debug mode. Use only if you troubleshoot the command itself.
|
||
|
Adds one Rate Limiting rule one at a time. See fw sam_policy add. |
||
|
Adds or deletes many Rate Limiting rules at a time. See fw sam_policy batch. |
||
|
Deletes one configured Rate Limiting rule one at a time. See fw sam_policy del. |
||
|
Shows all the configured Rate Limiting rules. See fw sam_policy get. |